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In the Claims 

Please amend the claims as follows: 

1 . (currently amended) A method for sharing tho author i zation to use spec i fic 
resources among mu l t i pl e devic e s (11,13), which resourc e s ar e accessible via 
messages on wh i ch a s e cret koy op e ration was app lie d w i th a prod e t e rminod 
socrot mast e r koy (d) avai l abl e at a master dovico (11), said mothod 
comprising: 

generating at a master device a first part and a second part of a 
predetermined secret master key, said predetermined secret master key 
being available at said master device and said first part and said second 
part being combinable to said secret master kev splitting sa i d socrot master 
koy (d) at said master dovic o (11) i nto a f i rst part (d^) and a second part 

wherein resources are accessible via messages on which a secret key 
operation was applied with said secret master key and w herein said master 
device (44)-is acting as a delegator of an said-authorization to use said 
specific resources ; 

forwarding a piece of information to a slave device (43)-acting as a 
delegatee of said authorization, which piece of information enables said 
slave device (43)-to perform a partial secret key operation on messages 
(m)-based on said first part {^fof said secret master key-(d); and 
forwarding said second part {^)-of said secret master key {d)-to a server 
(42>-for enabling said server (42)-to perform a partial secret key operation 
on messages {mfreceived from said slave device (4-3)-based on said 
second part {cbfof said secret master key-{d). 

2. (currently amended) A method according to claim 1 , wherein a delegatee (+3) 
to which said authorization was delegated is enabled to act as delegator for 
delegating said authorization to another slave devices (23}-acting as delegatee, 
said method comprising for said further delegation: 
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generating at said deleqator a further first part and another part of said first 
part of said secret master key, which can be generated at said deleqator, 
said further first part and said other part being combinable to said first part 
of said secret master kev sp li tt i ng a first part (di) of said s e cr e t master k e y 
(d) which can bo gonoratod at said do l ogator (13) into a further f i rst part 
{44 4) of said secret mast e r k e y (d) and anoth e r part (d^ ); 
forwarding a piece of information to said delegatee-(23), which piece of 
information enables said delegatee (23)-to perform a partial secret key 
operation on messages (m)-based on said further first part-^u); 
forwarding said other part {^fof said first part {d^-of said secret master 
key {d)-to said server-{42); and 

combining a second part (d 2 }-of said secret master key (d>-available at said 
server (43)-for said delegator (43)-with said other part (d^fprovided by 
said delegator (43)-to a further second part {4^)-of said secret master key 
(dffor enabling said server (42}-to perform a partial secret key operation on 
messages (mfreceived from said delegatee (23)-based on said further 
second part {^)-of said secret master key-(d). 

3. (currently amended) A method according to claim 1 , wherein generating a first 
part and a second part of a predetermined secret master key said stop of 
sp li tting a koy (drcUfat a respective delegator (11,13) i nto two parts is preceded 
by: th e st e ps of 

generating a password verification value (b)-at a respective delegatee 
(13,23) based on a password input by a user (4£)-of said delegatee (13,23) 
and on a first random number; and 

providing said password verification value (b)-to sa id delegato r (11,13) ; 
wherein said respective first part (4 4 ^44fof said secret master key (d)-is 
determined at said delegator (11,13) based on said password verification value 
(fe)-received from said delegatee (13,23) and on a second random number {v) 
and wherein said piece of information which is forwarded by said delegator 
(11,13) to said delegatee (13,23) comprises said second random number (v) 
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for enabling said delegatee (13,23) to generate said respective first part (c^ta) 
of said secret master key-(d). 

4. (currently amended) A method according to claim 1 , wherein said delegator 
(11,13) determines a respective second part (d 2T d^)-of an available secret key 
{drdifas the difference between said available secret key (d^fand a 
randomly generated first part (d^^fof said secret master key-(d). 

5. (currently amended) A method according to claim 1 , wherein a delegator 
(11,13) provides in addition policy data to said server (^-restricting the 
bounds of the authorization that may be delegated to a delegatee (13,23) . 

6. (currently amended) A method according to claim 5, wherein said bounds 
comprise a delegation bound indicating the maximum number of allowed 
further delegations of said authorization by a respective delegatee (43)-acting 
as a delegator for further delegatees-(2S). 

7. (currently amended) A method according to claim 5, wherein said bounds are 
content bounds comprising at least one value which can be compared to the 
values of attributes in a message (ro)-on which a secret key operation is to be 
performed, said message (mfhaving a pre-defined structure including said 
attributes. 

8. (currently amended) A method according to claim 1 , wherein said delegator 
(11,13) transmits a respective second part (d 27 d^)-of an available secret key 
(d^fcomputed for a specific delegatee (13,23) directly to said server (42) 
once during an initialization process for a specific delegatee (13,23) . 

9. (currently amended) A method according to claim 1 , wherein said delegator 
(11,13) transmits a respective second part (da^^of an available secret key 
(d^^computed for a specific delegatee (13,23) directly to said server (42) 
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upon a request by said server (12) e ach time said specific delegatee (13,23) 
requests a partial secret key operation on a message-(m). 

10. (currently amended) A method according to claim 1 , wherein said delegator 
(11,13) transmits a respective second part {cbi^fof an available secret key 
{d^^-computed for a specific delegatee (13,23) to said server via said specific 
delegatee (13,23) once during an initialisation process. 

1 1 . (currently amended) A method according to claim 1 , wherein said delegator 
(11,13) transmits a respective second part ^ 27 ^^)-of an available secret key 
(d^fcomputed for a specific delegatee (13,23) to said server (42)-via said 
specific delegatee (13,23) , said specific delegatee {43r23)-forwarding said 
respective second part (c^t^Ho said server (12) each time it requests a 
partial secret key operation on a message (m)-from said server-{42). 

12. (currently amended) A method according to claim 1 , wherein a confidential 
channel can be established between a respective delegator (11,13) and a 
respective delegatee (13,23) for securely transmitting confidential information 
between said delegator (11,13) and said delegatee (13,23) . 

13. (currently amended) A method according to claim 1, wherein a security 
association is formed between a respective delegator (11,13) and said server 
(42)-for securely transmitting confidential information between said delegator 
(11,13) to said server-(42). 

14. (currently amended) A method according to claim 13, wherein said security 
association is realized with a symmetric algorithm using cryptographic 
parameters (K(ID),A( I D)) associated to said delegato r (11,13) , which 
cryptographic parameters (K(ID),A(ID)) are available at said delegator (43)-and 
at said server-(42). 
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15. (currently amended) A method according to claim 1, wherein a security 
association is formed between a respective delegatee (13,23) and said server 
(42)-for securely transmitting confidential information between said delegatee 
(13,23) and said server-{42}. 

16. (currently amended) A method according to claim 15, wherein said security 
association is realized with a symmetric algorithm using cryptographic 
parameters (K(ID),A(ID)) associated to said delegatee {43)-and available at 
said delegatee (43)-and at said server-{43). 

17. (currently amended) A method according to claim 16, wherein said 
cryptographic parameters (K( I D),A( I D)) associated to said delegatee (43)-are 
generated by the respective delegator (44f and provided to said delegatee (4-3) 
and to said server-{42). 

18. (currently amended) A method according to claim 1 , wherein said delegator 
(44)-forwards said piece of information to a slave device (13,33) only in case 
said delegator (44)-determines that said slave device (13,33) comprises a 
tamper resistant certificate indicating that said slave device (13,33) is compliant 
with predetermined rights issuer rules. 

19. (currently amended) A method according to claim 1 , wherein said delegator 
(44^-forwards said second part of said secret master key to said server (4-2) 
only in case said delegator fM^determines that said server (42)-com prises a 
tamper resistant certificate indicating that said server (42)-is compliant with 
predetermined rights issuer rules. 

20. (currently amended) A method according to claim 1 , wherein a delegatee 
(13,23) makes use of a delegated authorization by transmitting a request to 
perform a partial secret key operation on an included message (m)-to said 
server-(42), said server (42>-performing a partial secret key operation on said 
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received message (m)-based on a respective second part (d^^^of said secret 
master key {d)-and transmitting a resulting message as response message to 
said delegatee (13,23) , and wherein said delegatee (13,23) performs a partial 
secret key operation on said transmitted message (mfbased on said computed 
first part (d^^lufof said secret master key (dfand combines a resulting 
message with said response message received from said server-{42). 

21 . (currently amended) A method according to claim 20, wherein a delegator 
(11,13) transmits to said server (42)-a password verification value (b>-provided 
by a respective delegatee (13,23) to said delegator (11,13) during the 
delegation of said authorization, which password verification value (b)-is 
generated by said delegatee (13,23) based on a password entered by a user 
{4£}-of said delegatee (13,23) and on a random number, wherein said 
delegatee (13,23) transmits to said server (43ftogether with each request to 
perform a partial secret key operation on a message {mfa password 
verification value (B)-generated by said delegatee (13,23) based on a 
password entered by a user (4£)-of said delegatee (13,23) for the respective 
request and on said random number, and wherein said server (+2}-verifies the 
identity of a user {4-§)-using said delegatee (13,23) before performing said 
requested partial secret key operation by comparing said password verification 
values (b,D) received from said delegator (11,13) and from said delegatee 
(4^3). 

22. (currently amended) A method according to claim 20, wherein said server (42) 
verifies the identity of a delegatee (13,23) requesting a partial secret key 
operation on a message (m)-before performing a requested partial secret key 
operation on a received message-(m). 

23. (currently amended) A method according to claim 20, wherein said delegator 
£14)-transmits a voucher to said delegatee (13,33) to which it forwards said 
piece of information, said voucher indicating an extent of a right of said 
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delegator to share said authorization, wherein a delegatee (43}-includes in a 
request transmitted to said server (42)-to perform a partial secret key operation 
an indication of said right of said delegator (44}-to share said authorization 
received in said voucher, and wherein said server (+2)-performs a partial secret 
key operation on a message received in a request by a delegatee (43)-only in 
case it determines that said request by said delegatee <4^)-is covered by said 
indicated extend of said right of said delegator (44)-to share said authorization. 

24. (original) A method according to claim 23, wherein said indication in said 
voucher comprises the number of devices allowed to make use of a specific 
content, for which said requested partial secret key operation is required, at the 
same time. 

25. (currently amended) A delegato r (11,13) compris i ng 

configured to generate a first part and a second part of an available 
predetermined secret master key, said first part and said second part being 
combinable to said secret master key, wherein resources are accessible 
via messages on which a secret key operation was applied with said secret 
master key, and wherein said delegator is a delegator of an authorization to 
use said specific resources; 

configured to forward a piece of information to a slave device acting as a 
delegatee of said authorization, which piece of information enables said 
slave device to perform a partial secret key operation on messages based 
on said first part of said secret master key; and 
configured to forward said second part of said secret master key to a 
server for enabling said server to perform a partial secret key operation on 
messages received from said slave device based on said second part of 
said secret master key. 
means for d ele gat i ng an authorizat i on to us e sp e cific r e sourc e s to a d ele gat ee 
(13,23,33) accord i ng to claim 1. 
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26. (currently amended) A delegatee (13,23,33) compr i s i ng 

configured to moans for requestin g an authorization to use specific 
resources from a delegator, wherein said resources are accessible via 
messages on which a secret key operation is applied with a predetermined 
secret master key available at said delegator; 

configured to aftd-receive i ng an authorizat i on to us o sp e cific r o sourc e s 
from said a -delegator a piece of information, 

configured to use said piece of information to perform a partial secret key 
operation on messages based on a first part of said secret master key; and 
configured to co-operate with a server which is configured to perform a 
partial secret key operation on messages based on a second part of said 
secret master key, wherein said first part and said second part of said 
secret master key are combinable to said secret master key{ 44r4£} 
accord i ng to claim 1 . 

27. (currently amended) A serve r (12) comprising m e ans for support i ng a chain e d 
d ele gat i on of an authorizat i on to us e sp e cif i c r e sourc e s from a r e sp e ct i v e 
dologator (11,13) to a r e sp e ctiv e d ele gat ee (13,23) according to cla i m 2. 

configured to receive from a delegator a second part of a secret master 
key, said second part being combinable with a first part of said secret 
master key available at a delegatee, wherein resources are accessible via 
messages on which a secret key operation was applied with said secret 
master key, 

configured to receive from said delegatee a second part of said first part of 
said secret master key, said second part of said first part of said secret 
master key being combinable with a first part of said first part of said secret 
master key available at a second delegatee to said first part of said secret 
master key; and 

configured to combine said second part of said secret master key with said 
second part of said first part of said secret master key to obtain a further 
second part of said secret master key for enabling said server to perform a 
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partial secret key operation on messages received from said second 
delegatee based on said further second part of said secret master key. 

28. (new) A method comprising: 

requesting an authorization to use specific resources from a delegator, 
wherein said resources are accessible via messages on which a secret key 
operation is applied with a predetermined secret master key available at 
said delegator; 

receiving from said delegator a piece of information, 
using said piece of information to perform a partial secret key operation on 
messages based on a first part of said secret master key; and 
co-operating with a server which is configured to perform a partial secret 
key operation on messages based on a second part of said secret master 
key, wherein said first part and said second part of said secret master key 
are combinable to said secret master key. 

29. (new) A method comprising: 

receiving from a delegator a second part of a secret master key, said 
second part being combinable with a first part of said secret master key 
available at a delegatee, wherein resources are accessible via messages 
on which a secret key operation was applied with said secret master key, 
receiving from said delegatee a second part of said first part of said secret 
master key, said second part of said first part of said secret master key 
being combinable with a first part of said first part of said secret master key 
available at a second delegatee to said first part of said secret master key; 
and 

combining said second part of said secret master key with said second part 
of said first part of said secret master key to obtain a further second part of 
said secret master key for being enabled to perform a partial secret key 
operation on messages received from said second delegatee based on 
said further second part of said secret master key. 
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30. (new) An apparatus comprising: 

means for generating a first part and a second part of an available 
predetermined secret master key, said first part and said second part being 
combinable to said secret master key, wherein resources are accessible 
via messages on which a secret key operation was applied with said secret 
master key, and wherein said apparatus is a delegator of an authorization 
to use said specific resources; 

means for forwarding a piece of information to a slave device acting as a 
delegatee of said authorization, which piece of information enables said 
slave device to perform a partial secret key operation on messages based 
on said first part of said secret master key; and 
means for forwarding said second part of said secret master key to a 
server for enabling said server to perform a partial secret key operation on 
messages received from said slave device based on said second part of 
said secret master key. 

31. (new) An apparatus comprising: 

means for requesting an authorization to use specific resources from a 
delegator, wherein said resources are accessible via messages on which a 
secret key operation is applied with a predetermined secret master key 
available at said delegator; 

means for receiving from said delegator a piece of information, 
means for using said piece of information to perform a partial secret key 
operation on messages based on a first part of said secret master key; and 
means for co-operating with a server which is configured to perform a 
partial secret key operation on messages based on a second part of said 
secret master key, wherein said first part and said second part of said 
secret master key are combinable to said secret master key. 
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